package com.orion.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 基于内存初步demo
 *
 * @author Administrator
 * @date 2021/9/22
 */
//@Configuration
//@EnableAuthorizationServer
public class Oauth2AuthorConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {

        security
                // 开启/oauth/token_key验证端口无权限访问
                .tokenKeyAccess("permitAll()")
                // 开启/oauth/check_token验证端口认证权限访问
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }
//http://localhost:8080/oauth/authorize?client_id=clientapp&response_type=code&scope=read_user_info

    //curl -X POST --user clientapp:654321 http://localhost:8080/oauth/token -H "content-type: application/x-www-form-urlencoded" -d "code=TUXuk9&grant_type=authorization_code&redirect_uri=http://localhost:8081/login&scope=read_user_info"

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.inMemory()
                .withClient("llc")
                .redirectUris("www.baidu.com")
                .autoApprove(true)
                .scopes("sb1")
                .secret(passwordEncoder.encode("orion1"))
                .accessTokenValiditySeconds(3600)
                .refreshTokenValiditySeconds(3600 * 2)
                .authorizedGrantTypes("password", "authorization_code", "refresh_token")
                .authorities("llc_authorities")
                .resourceIds("rs1")
                .additionalInformation()
                .and()

                .withClient("llc2")
                .redirectUris("www.baidu.com")
                .autoApprove(true)
                .scopes("sb2")
                .secret(passwordEncoder.encode("orion2"))
                .accessTokenValiditySeconds(7200)
                .refreshTokenValiditySeconds(7200 * 2)
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("llc2_authorities")
                .resourceIds("rs2");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.addInterceptor(new HandlerInterceptor() {
            @Override
            public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
                System.out.println("pre-handler jhahahhaha");
                return true;
            }
        });

        endpoints.allowedTokenEndpointRequestMethods(HttpMethod.POST, HttpMethod.GET);
        endpoints.authenticationManager(authenticationManager);

    }
}
